Privacy Policy

Callgenly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI receptionist platform, including our website, dashboard, APIs, and phone services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Account Information

When you register, we collect your name, email address, organization name, and billing information. If you sign up via Google or Microsoft SSO, we receive your name and email from the identity provider.

Phone and Call Data

We process phone numbers (stored in E.164 format), call metadata (caller number, called number, duration, timestamps), and — when enabled by your organization — call recordings and AI-generated transcripts. Call recordings are opt-in and configurable per organization.

AI Interaction Data

We collect data about how the AI agent interacts with callers, including detected intents, extracted entities, booked appointments, and conversation outcomes. This data is used to improve service quality and is scoped to your organization.

Usage and Analytics

We collect information about how you use the dashboard, including pages visited, features used, and configuration changes. We also collect device information, browser type, and IP address.

• To provide and maintain the Service, including processing calls and booking appointments
• To manage your account and organization settings
• To process payments and track usage for billing purposes
• To improve our AI models and call handling quality
• To send you service-related communications (usage reports, billing notices, security alerts)
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations

Call recording is disabled by default and must be explicitly enabled by your organization administrator. When enabled, we comply with applicable laws including two-party consent requirements. Your AI receptionist can be configured to announce recording to callers.

Transcripts are generated by our AI processing pipeline and stored encrypted at rest. Organizations on HIPAA-compliant plans receive additional protections including BAA agreements and enhanced encryption standards.

We retain your data for as long as your account is active or as needed to provide the Service. Call records and transcripts are retained according to your organization's configured retention policy (default: 90 days). Billing records are retained for 7 years as required by law.

When you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

We use the following third-party services to operate Callgenly:

• Twilio — Telephony infrastructure for phone calls and SMS
• Stripe — Payment processing and subscription management
• OpenAI / AI Providers — AI inference for call handling and transcription
• Google / Microsoft — Calendar integration and SSO authentication
• PostgreSQL / Redis — Data storage and processing (self-hosted infrastructure)

Each third-party provider processes data in accordance with their own privacy policies. We ensure all providers meet our security and data protection requirements.

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), network isolation, access controls, and regular security audits. All customer data is isolated by organization with foreign key constraints preventing cross-tenant access.

GDPR (European Users)

If you are in the European Economic Area, you have the right to access, correct, delete, or port your personal data. You may also restrict or object to processing. Contact us at privacy@callgenly.com to exercise these rights.

CCPA (California Users)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

HIPAA (Healthcare Organizations)

Organizations handling protected health information (PHI) can enable HIPAA compliance mode, which includes a Business Associate Agreement (BAA), enhanced encryption, audit logging, and configurable data retention policies.

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are used only with your consent and can be disabled in your browser settings.

Callgenly is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our dashboard. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, contact us at: